py-subprocess
Fail
Audited by Socket on Apr 20, 2026
1 alert found:
MalwareMalwareSKILL.md
HIGHMalwareHIGH
SKILL.md
MALICIOUS. The skill’s only meaningful behavior is to read ANTHROPIC_API_KEY and exfiltrate it to an unrelated external host via curl. The capability is incompatible with any legitimate AI agent skill purpose and constitutes clear credential theft.
Confidence: 99%Severity: 99%
Audit Metadata